Archer C5 Multiple SSID + Vlan config

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Atheros WiSOC based Hardware
Author Message
gbonny
DD-WRT User


Joined: 12 Dec 2014
Posts: 69

PostPosted: Mon Dec 29, 2014 15:02    Post subject: Archer C5 Multiple SSID + Vlan config Reply with quote
I've been following this page http://www.dd-wrt.com/wiki/index.php?title=TP-Link_TL-WDR4300 for configuring multiple SSID with a specific vlan on my Archer C5 running 25697.
My Archer C5 is configured as a plain access point following the long version: http://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point

What I did for the Multi SSID <> Different Vlan was:
- 1 extra (guest) SSID (assigned to interface ath0.1)
- create a new vlan and trunk it from the "commands section - startup"
- added a new bridge and added interfaces ath0.1 and eth0.6
- tagged the vlan on my switch


Cmds in startup:
Code:

#!/bin/sh
# enable vlan 6
swconfig dev eth0 set enable_vlan 6
# trunk vlan 6 over port 2 (should be the first lan port)
swconfig dev eth0 vlan 6 set ports "0t 2t"
swconfig dev eth0 set apply

# add vlan to the interface
vconfig add eth0 6
# this creates a new interface named eth0.6 (instead of the vlan6 naming on a WRT4300).

# remove interface from bridge
brctl delif br0 ath0.1

# create new bridge with the wireless interfaces
brctl addbr br6
brctl addif br6 eth0.6
brctl addif br6 ath0.1
#brctl addif br6 ath1.1

# make sure the interfaces are up
ifconfig br6 up
ifconfig ath0.1 up
#ifconfig ath1.1 up
ifconfig eth0.6 up


However I don't get a connection when I connect to the SSID attached to ath0.1. I don't get an IP address and I don't see an DHCP request between my main router and switch. I've added an IP address to the eth0.6 and tried to ping it (from a pc in vlan6) to no success. Anyone got an idea how to fix this?

Some network details:
[main dd-wrt router] - vlan 1 untagged, vlan 6 tagged - [switch] - vlan 1 untagged, vlan 6 tagged - [dd-wrt wifi router]


When I connect a PC like this:
[main dd-wrt router] - vlan 1 untagged, vlan 6 tagged - [switch] - untagged vlan 6 - [pc]
my computer gets an IP address from vlan 6 (192.168.6.x) so the first part must be working.

brctl show:
Code:

root@DD-WRT-C5:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.e8de27938601       no              eth0
                                                                      eth1
                                                                      ath0
                                                                      ath1
br6             8000.e8de27938603       no              eth0.6
                                                                      ath0.1



Edit: my main router is a TL-WDR4300 v1.3

_________________
ATH Archer C5 v1.20 31791 std K3.18 - router - Cron, JFFS2, DNS-o-Matic, 6in4 HE with DNSMasq (DHCP+DNS)
ATH TL-WDR4300 v1.3 31791 std K3.10 - router - JFFS2, DynDNS, DNSMasq (DHCP+DNS)
ATH WRT160NL v1.0 29440 std K2.6 - router
BRCM WRT160N v1.0 26635 vpn K2.4 - router
BRCM WRT320N v1.0 27858 mega K3.10 - access point


Last edited by gbonny on Mon Dec 29, 2014 15:48; edited 2 times in total
Sponsor
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 8034

PostPosted: Mon Dec 29, 2014 15:39    Post subject: Reply with quote
I’m not even sure VLAN tagging works on anything except Broadcom chipsets when it comes to dd-wrt. And even then support can be sketchy, only partial, or not 802.1q compliant.

Ppl get all tied up into knots w/ this type of problem because they insist the only solution is to bridge the WAP’s guest network to the primary router’s guest network. But since typically you only intend to provide internet access to guests (not have the guests necessarily share the same network and communicate amongst themselves), this just isn’t necessary. And as I said, it may not work anyway.

Now if your primary guest network is offering some sort of service, say a captive portal, VPN, etc., then I understand the need to bridge. But that's definitely the exception.

Instead of VLAN tagging, why not simply route the guest network over the private network. All you need are some firewall rules to allow forwarding of traffic between the two networks (br0 and br1), protect the resources of br0 from br1 (we only want them to have internet access), and finally NAT the guests network over the private network. Simple and effective.
gbonny
DD-WRT User


Joined: 12 Dec 2014
Posts: 69

PostPosted: Thu Feb 12, 2015 20:33    Post subject: Reply with quote
Somehow it should be possible as it is with openwrt
https://forum.openwrt.org/viewtopic.php?id=54165

I figured out that when I configure an IP on my eth0.6 it is not reachable across my network from my main router or another computer in vlan6..
Code:


swconfig dev eth0 show
<cut..>
VLAN 1:
        vid: 1
        ports: 0 2 3 4 5
VLAN 2:
        vid: 2
        ports: 1 6
VLAN 6:
        vid: 6
        ports: 0t 2t
root@DD-WRT-C5:~# brctl show
bridge name     bridge id    STP enab     interfaces
br0             8000.xxx       no              eth0
                                                        eth1
                                                        ath0
                                                        ath1
br6             8000.xxx       no              eth0.6
                                                        ath0.1

root@DD-WRT-C5:~# ifconfig eth0.6
eth0.6    Link encap:Ethernet  HWaddr E8:DE:27:aa:bb:cc
          inet addr:192.168.6.2  Bcast:192.168.6.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:126 (126.0 B)


_________________
ATH Archer C5 v1.20 31791 std K3.18 - router - Cron, JFFS2, DNS-o-Matic, 6in4 HE with DNSMasq (DHCP+DNS)
ATH TL-WDR4300 v1.3 31791 std K3.10 - router - JFFS2, DynDNS, DNSMasq (DHCP+DNS)
ATH WRT160NL v1.0 29440 std K2.6 - router
BRCM WRT160N v1.0 26635 vpn K2.4 - router
BRCM WRT320N v1.0 27858 mega K3.10 - access point
Roi
DD-WRT Novice


Joined: 08 Apr 2015
Posts: 47

PostPosted: Fri Jun 17, 2016 18:58    Post subject: Re: Archer C5 Multiple SSID + Vlan config Reply with quote
In the case you are still trying I found a clue for your problem. And maybe others are also interested.

gbonny wrote:
- create a new vlan and trunk it from the "commands section - startup"

Cmds in startup:
Code:

swconfig dev eth0 vlan 6 set ports "0t 2t"


I had/have the same problem. You need to adjust this line to:

Code:
swconfig dev eth0 vlan 6 set ports "1t 6t"


According to this page the port map of the C5 and also C7 is completely different comparing to the TL-WDR4300 (see this page) for which the commands you try work. As we need to turn on tagging for CPU (eth0 in case of C7) and the port 1 (where the LAN cable is set it needs to be port 1 and 6.

Ok, this solved the problem for me with guest access, see here.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum